Author Topic: Anyone with "Win32:Malware-gen" problems?  (Read 8217 times)

0 Members and 1 Guest are viewing this topic.

zLeed

  • Guest
Anyone with "Win32:Malware-gen" problems?
« on: December 21, 2009, 11:41:40 PM »
Apparently, after the last update, I scanned my computer (thorough) and it found a "Win32:Malware-gen" in the Steam folder.
(Steam is a program hub for games, etc) It detected it at this location: C:\Program Files (x86)\Steam\WriteMiniDump.exe

I just want to make sure I'm not the only getting this problem. Anyone have this detected elsewhere?

Silence

  • Guest
Re: Anyone with "Win32:Malware-gen" problems?
« Reply #1 on: December 21, 2009, 11:59:47 PM »
Apparently, after the last update, I scanned my computer (thorough) and it found a "Win32:Malware-gen" in the Steam folder.
(Steam is a program hub for games, etc) It detected it at this location: C:\Program Files (x86)\Steam\WriteMiniDump.exe

I just want to make sure I'm not the only getting this problem. Anyone have this detected elsewhere?

From a old post I marked for mod deletion that would have been better in this thread specifically.

Yeah I found something like this on my E: Drive in my Steam Folder, I have MBAM paid version on too. I'm going to wait a bit to see if this is the start of a Mass reporting of false alarms, before I do the system cleansing. I think the program was writeminidump.exe in the steam folder which based on a cursorary google search looks like the normal steam file, but I just remembered the file name in part and searched through the steam folders for .exe's that matched the name I remembered from the warning. I got this alert from the Screen Saver Anti-Virus search.

Edit: Yeah I did another Scan of the Steam Folder where the alarm took place and the file was indeed writeminidump.exe so I will do more research on it... It is used to make a Minidump file for steam tech support so they can help diagnose your problem, if it is what it says it is. Jotti found nothing.
« Last Edit: December 22, 2009, 12:10:08 AM by Silence »

zLeed

  • Guest
Re: Anyone with "Win32:Malware-gen" problems?
« Reply #2 on: December 22, 2009, 12:30:38 AM »
Apparently, after the last update, I scanned my computer (thorough) and it found a "Win32:Malware-gen" in the Steam folder.
(Steam is a program hub for games, etc) It detected it at this location: C:\Program Files (x86)\Steam\WriteMiniDump.exe

I just want to make sure I'm not the only getting this problem. Anyone have this detected elsewhere?

From a old post I marked for mod deletion that would have been better in this thread specifically.

Yeah I found something like this on my E: Drive in my Steam Folder, I have MBAM paid version on too. I'm going to wait a bit to see if this is the start of a Mass reporting of false alarms, before I do the system cleansing. I think the program was writeminidump.exe in the steam folder which based on a cursorary google search looks like the normal steam file, but I just remembered the file name in part and searched through the steam folders for .exe's that matched the name I remembered from the warning. I got this alert from the Screen Saver Anti-Virus search.

Edit: Yeah I did another Scan of the Steam Folder where the alarm took place and the file was indeed writeminidump.exe so I will do more research on it... It is used to make a Minidump file for steam tech support so they can help diagnose your problem, if it is what it says it is. Jotti found nothing.

Ah ok, thanks for that. If this thread is not needed, then no one post. I was just wondering if anyone else got this problem related to this alert.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87438
  • No support PMs thanks
Re: Anyone with "Win32:Malware-gen" problems?
« Reply #3 on: December 22, 2009, 01:03:33 AM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

For me just looking at the file name makes me think something that it does could be consider malicious. As to create a minidump in windows normally entails crashing something when it hangs. So I don't know if that is what it does as some sort of diagnostic tool.

Having just read fully what Silence posted confirms my suspicion, it is the action that could possibly be used maliciously and most likely what the generic signature is picking up in, see below...

The avast Win32:Malware-gen is generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

Some other AVs may also find this as suspicious also so a report from the VT results will show one way or another, but you should still report this as a probable false positive or at least should be classified differently as a [Tool] or riskware, etc.

####
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.
 
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.1.6049 (build 23.1.7883.774) UI 1.0.746/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

geeksterami

  • Guest
Re: Anyone with "Win32:Malware-gen" problems?
« Reply #4 on: December 22, 2009, 02:40:56 AM »
WriteMiniDump.exe is indeed a legitimate file and is part of Steam, the question is whether or not it has become infected?

Check this link...


http://www.processlist.com/info/writeminidump.html

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87438
  • No support PMs thanks
Re: Anyone with "Win32:Malware-gen" problems?
« Reply #5 on: December 22, 2009, 02:53:07 AM »
Whilst there may be no question in its legitimacy, but what it does might be interpreted as malicious and that is where the problem lies an AV can't determine intent, so like many tools they could be used for good or evil.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.1.6049 (build 23.1.7883.774) UI 1.0.746/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Silence

  • Guest
Re: Anyone with "Win32:Malware-gen" problems?
« Reply #6 on: December 22, 2009, 11:25:46 PM »
I think the problem was fix yesterday too, the same day the problem came out, I did a system restore from some other reason, and avast updated and no problem.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87438
  • No support PMs thanks
Re: Anyone with "Win32:Malware-gen" problems?
« Reply #7 on: December 22, 2009, 11:35:31 PM »
Looks like someone else must have uploaded it to avast for analysis then and the VPS signature modified.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.1.6049 (build 23.1.7883.774) UI 1.0.746/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security